Ledger Wallet™ just got a major upgrade.

Take control today

A whole new level of choice, clarity and control

Trade different via Ledger Wallet 4.0

Download now Learn more

Responsible Disclosure

Apr 8, 2026 | Updated Apr 8, 2026
Responsible disclosure is a process where security researchers report a vulnerability to a company before making the information public.

What Is Responsible Disclosure?

In the world of digital security, finding a bug is only the first step. Responsible disclosure provides a framework for how that bug is handled. Instead of immediately announcing a vulnerability, a white-hat hacker or researcher contacts the affected organization privately.

This process is based on a mutual agreement: the researcher generally agrees not to share the details publicly until a patch is ready, while the organization works to verify and fix the issue.

How Does Responsible Disclosure Work?

The responsible disclosure process typically follows several standardized steps:

  • Discovery and Documentation: A researcher identifies a vulnerability and creates a detailed report explaining how the bug was found and how it can be reproduced.
  • Initial Contact: The researcher reaches out through a designated security channel or a bug bounty program.
  • Verification and Triage: The organization’s security team investigates the report to confirm the vulnerability and determine its severity.
  • Remediation: Developers work on a fix or a patch to resolve the issue.
  • Public Disclosure: Once the fix is deployed and users are protected, the details of the exploit are shared publicly.

The Ledger Donjon: A Leader in Responsible Disclosure

As Ledger’s internal team of white-hat hackers, the Donjon’s research into hardware and software vulnerabilities extends across the entire crypto landscape. When the team identifies a flaw in a third-party provider or industry-standard protocol, they follow the responsible disclosure process to ensure the community is protected before a vulnerability becomes public.

The Donjon also manages the Ledger Bug Bounty program, which invites security researchers to report vulnerabilities in the Ledger ecosystem. This collaborative approach ensures that experts are constantly stress-testing infrastructure to maintain security.

Explore the Ledger Bug Bounty program

Shapella Fork

The Shapella fork is the combination of two major Ethereum network upgrades (Shanghai and Capella upgrades) that occurred simultaneously. Together, these upgrades allowed users to withdraw their staked ETH on the network.

Full definition

Epoch

An epoch is a defined or specific timeframe during which specific activities occur in a blockchain network.

Full definition

Options

Options are a type of contract that grants a trader the right, rather than the obligation, to buy or sell an underlying asset at a predetermined price within a specific timeframe.

Full definition

Own your crypto future

Stay informed with security tips, updates, and exclusive offers from Ledger

Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time. Learn more

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.